- From: <sird@rckc.at>
- Date: Mon, 21 Feb 2011 11:38:19 -0800
- To: gaz Heyes <gazheyes@gmail.com>
- Cc: Adam Barth <w3c@adambarth.com>, public-web-security@w3.org
Oh btw, regarding this idea of putting sandbox in a CSP rule. I like it. But I would have preferred if it was the other way around.. And let a sandboxed iframe to have CSP rules. Either way, If we have: CSP: sandbox;script-src http://*.google.com What will happen? The rules conflict with each other. I know the answer will be, that no scripts will be allowed.. but that's counter intuitive.. What about CSP: sandbox allow-scripts; Then script-src and inline-script rules are useless? Greetings!! -- Eduardo On Mon, Feb 21, 2011 at 11:33 AM, gaz Heyes <gazheyes@gmail.com> wrote: > On 21 February 2011 19:21, sird@rckc.at <sird@rckc.at> wrote: >> >> Would be cool if we had a "disallow-navigation" rule which disallow's >> the user to navigate to any links. > > +1 > > Same domain navigations restrictions would be awesome >
Received on Monday, 21 February 2011 19:39:13 UTC